How to Assign Teams Policies and Restrict Microsoft 365 Group Creation
Microsoft Teams gives administrators fine control over how users interact within meetings, chats, and collaboration spaces. This guide walks you through assigning Teams policies using both the Teams Admin Center and PowerShell, and then shows how to limit who can create Microsoft 365 groups to prevent clutter and maintain governance.
Assigning Policies via the Microsoft Teams Admin Center
You can assign Teams policies to individual users or groups directly from the admin center. Here’s how:
Step-by-Step Instructions
- Sign in to the Teams Admin Center
Go to https://admin.teams.microsoft.com and sign in with your admin credentials. - Navigate to Meeting Policies
Select Meetings > Meeting Policies.
You’ll see a list of built-in and custom policies (e.g., Global (Org-wide default) and Marketing Meeting Policy). - Assign a Policy to a User
- Select the policy (e.g., Marketing Meeting Policy).
- Click Manage Users.
- Search for and select the user.
- Choose Apply to assign the policy.
- Assign a Policy to a Group
- Some Teams policies support group-level assignment.
- Go to the Group Policy Assignment tab.
- Click Add Group, choose your Microsoft 365 or security group, and assign the desired policy.
Assigning to groups simplifies management — new users inherit the policy automatically when added to the group.
Assigning Teams Policies Using PowerShell
If you manage many users, PowerShell offers faster and more flexible control.
Step 1: Connect to Teams PowerShell
Run the following command:
Connect-MicrosoftTeams
Sign in using your administrator credentials.
Step 2: Assign a Policy to a User
To assign a policy named “Marketing Meeting Policy” to user Alex Wilbur:
Grant-CsTeamsMeetingPolicy -Identity alexw@contoso.com -PolicyName "Marketing Meeting Policy"
This command ensures that Alex receives the correct Teams meeting settings aligned with marketing department standards.
Step 3: Remove a Policy Assignment
To remove a custom policy and revert the user back to the organization’s default:
Grant-CsTeamsMeetingPolicy -Identity alexw@contoso.com -PolicyName $null
Step 4: Useful PowerShell Cmdlets
- Get-CsTeamsMeetingPolicy – View existing policies.
- New-CsTeamsMeetingPolicy – Create a new meeting policy.
- Set-CsTeamsMeetingPolicy – Modify an existing policy.
- Remove-CsTeamsMeetingPolicy – Delete a policy.
Note: Not all policy types support creating custom versions. Some must use Microsoft’s default configurations.
Controlling Microsoft 365 Group Creation
By default, all users in your organization can create Microsoft 365 groups — and each new Team creates one automatically. This can lead to excess, unused, or orphaned groups.
To maintain governance, you can restrict group creation so that only specific users (like IT admins or department leads) can create new groups.
Requirements
Before you begin:
- You must have a Microsoft Entra ID Premium P1 or P2 license.
- The admin performing these steps must have rights to modify directory settings.
Step 1: Create a Security Group
- Sign in to the Microsoft 365 Admin Center:
https://admin.microsoft.com - Go to Teams & Groups → Active Teams & Groups → Security Groups.
- Select Add a Security Group.
- Enter a name and description (e.g., M365 Group Creators).
- Skip assigning Entra ID roles and select Create Group → Close.
This group will define who can create Microsoft 365 groups.
Step 2: Configure Group Creation via PowerShell
1. Import and Connect to Microsoft Graph Beta Modules
Import-Module Microsoft.Graph.Beta.Identity.DirectoryManagement
Import-Module Microsoft.Graph.Beta.Groups
Connect-MgGraph -Scopes "Directory.ReadWrite.All", "Group.Read.All"
2. Restrict Group Creation to Security Group Members
Replace "M365 Group Creators" with your group name:
$GroupName = "M365 Group Creators"
$AllowGroupCreation = "False"
$settingsObjectID = (Get-MgBetaDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
if(!$settingsObjectID)
{
$params = @{
templateId = "62375ab9-6b52-47ed-826b-58e47e0e304b"
values = @(
@{ name = "EnableMSStandardBlockedWords"; value = "true" }
)
}
New-MgBetaDirectorySetting -BodyParameter $params
$settingsObjectID = (Get-MgBetaDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).Id
}
$groupId = (Get-MgBetaGroup | Where-object {$_.displayname -eq $GroupName}).Id
$params = @{
templateId = "62375ab9-6b52-47ed-826b-58e47e0e304b"
values = @(
@{ name = "EnableGroupCreation"; value = $AllowGroupCreation },
@{ name = "GroupCreationAllowedGroupId"; value = $groupId }
)
}
Update-MgBetaDirectorySetting -DirectorySettingId $settingsObjectID -BodyParameter $params
(Get-MgBetaDirectorySetting -DirectorySettingId $settingsObjectID).Values
3. Verify the Output
If you see:
EnableGroupCreation = False
That means only members of your security group can create new Microsoft 365 groups.
Note:
- Changing
$AllowGroupCreationto"True"re-enables group creation for all users.- Global administrators and certain privileged roles can still create groups.
Why Restrict Group Creation?
Restricting who can create groups helps:
- Prevent unmonitored Team creation.
- Reduce data sprawl.
- Enforce governance and lifecycle policies.
- Simplify compliance and retention management.
Final Thoughts
Combining Teams policy assignments with controlled group creation ensures consistency and governance across Microsoft 365.
Admins gain the flexibility to customize collaboration settings while keeping environments organized and compliant.
